Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-34162 |
Description: The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-32151 |
Description: User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-29978 |
Description: User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-29146 |
Description: User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-28955 |
Description: Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-26258 |
Description: OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-25579 |
Description: OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-24449 |
Description: An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialUEMessage message sent to the AMF.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-23910 |
Description: Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-21798 |
Description: ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
CVSS: MEDIUM (4.8) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|